The invention relates to a vehicle security device having electronic use authorization coding for identifying an authorized access to the vehicle.
Vehicle security devices of this generic type are known, such as, for example, electronic disabling facilities which operate according to a so-called alternating code method for protecting the vehicle against unauthorized use by a third party. Such a system is described in the company brochure "Diebstahlschutz für das Auto [Protecting cars against theft]" from TEMIC TELEFUNKEN Microelektronik GmbH dated August 1993. In comparison with the fixed code methods which were customary in the past (such as described, for example, in German Patent Document DE-OS 29 11 828 A1), such alternating code methods enhance the safeguard against unauthorized use of the vehicle after one or more of the code transmission protocols have been intercepted, because the code information changes at each so-called authentication process, i.e., at each test of the use authorization. While retaining the unidirectional transmission of code information from the key unit to the vehicle unit known from the fixed code method, this code change can be implemented only by means of a secret item of base counting information and an algorithm stored both in the key unit and in the vehicle unit. By means of this algorithm the successive items of code information can be derived from the base number, so that the use authorization can be tested at the vehicle unit by comparing the code information produced at the vehicle unit with the code information transmitted by the key unit. Alternatively, it is known to provide both the key unit and the vehicle unit, after each successful authentication, with a new, randomly selected or deterministically specified authorizing item of code information for the next authentication; cf., for example, German Patent Document DE-OS 32 34 539 A1 and patent document DE 33 13 098 C1.
However, such controlled synchronization requires a bidirectional exchange of data which is made possible in a wireless fashion or via electrically conductive contact between the key unit and a piece of vehicle equipment which is involved in the process.
Moreover, in addition to the alternating code methods which operate during an authentication with unidirectional data transmission, so-called symmetrical encryption methods are known in which the authentication takes place by means of bidirectional data exchange, one secret coding algorithm of the same type being stored on the one hand at the key unit and on the other hand at the vehicle unit. This algorithm generates a respective item of code information in response to an item of input information, e.g., an item of random counting information, fed to both units, the key unit code information subsequently being transmitted to the vehicle unit and tested there for correspondence with the code information generated at the vehicle unit. A method of this kind is described in German Patent Document DE-OS 32 25 754 A1.
Consequently, all the above-mentioned methods require the storage of an item of secret information at the vehicle unit. Thus, there is not only a certain risk of unauthorized reading-out of this item of secret information at the vehicle end, but additional care must also be taken that such secret data information is protected at the vehicle unit, which makes a corresponding logistic outlay necessary at the vehicle manufacturer's and in garages in which this secret vehicle-specific information is to be fed into pieces of replacement equipment.
One object of the present invention is to provide a vehicle security device of the type mentioned above which affords a relatively high degree of protection against unauthorized use of a vehicle by a third party, together with a relatively low degree of outlay (in particular even by unidirectional data transmission) and convenient control.
Another object of the invention is to render it impossible for an unauthorized person to intercept an authentication process or read out an item of vehicle end code information, and subsequently operate the vehicle by using the intercepted or read-out information to authenticate such use.
Still another object of the invention is to provide a security device of the type described, in which it is unnecessary to store secret items of information at the vehicle end.
These and other objects and advantages are achieved by the vehicle security device according to the invention, which offers a relatively high degree of protection against unauthorized use of the vehicle by a third party with a comparatively small outlay. In particular, a vehicle-end storage of an item of secret information is not absolutely necessary, which saves on security logistics at the vehicle manufacturer's and in garages and avoids associated security risks. In addition, in the security device according to the invention, copied keys with which successful authentication would be possible cannot be manufactured by reading out the code information contained at the vehicle end. Furthermore, the omission of logistical security measures is a particularly important factor if multiple pieces of equipment are involved in authentication at the vehicle end so that it is uneconomical to bypass the disabling facility simply by replacing one or a small number of pieces of equipment involved in authentication.
The code security of the authentication according to the invention is based on an inherent property of a mathematical "one-way function". A one-way function is defined here as a mathematical function whose function value for a given inverse image from its domain can be determined unambiguously and comparatively easily, while it is not possible, even with the maximum practically available computational power, to find an inverse image associated with a given one-way function value. (In mathematics the term "inverse image" refers to the set of input values from which a function f generates an associated set of function values. If $y = f(x)$, then a value $x_1$ associated with a particular function value $y_1$ may be referred to as the inverse image of $y_1$; that is, $x_1 = f^{-1}(y_1)$.) Thus, the algorithm for calculating the one-way function value associated with an inverse image is comparatively simple, whereas the determination of an inverse image associated with a given one-way function value is not possible within an available time period and with a practically realizable computational outlay.
The latter proposition, of course, depends in large measure on the computer capacity available. At the current state of computer technology, such one-way functions, e.g., in the form of so-called "hash functions", are known and are used principally for protecting messages in cryptography; at present, approximately $2^{50}$ hash value calculations and memory operations are regarded as the upper limit of the computational outlay which can practically be coped with.
The hash function, sometimes called a message-digest algorithm, compresses messages of arbitrary length to a 128-bit output block, which is called the fingerprint, hashcode, hash value or message digest of the message. It is regarded as computationally infeasible to produce two messages having the same hashcode, or to produce any message having a given prespecified target hashcode. Hash functions with these properties are known and used in message authentication applications such as the protection of the integrity and the origin of data stored or transmitted using secret-key or public-key techniques.
Because of the virtual irreversibility of one-way functions, the one-way function values at the vehicle unit do not have to be treated as secret, since even unauthorized reading-out of the said values from the vehicle would not permit an unauthorized person to discover the associated inverse images and thus produce an electronic copy of the key. Security of the system against interception and exploitation of an authentication attempt is also provided by the fact that a new item of inverse image code information is transmitted for each authorization attempt. Depending on the result of the comparison of actual and desired authorization information, the authentication unit in the vehicle outputs an item of use-enabling information which in the case of a positive authentication attempt leads to an associated electronic disabling facility being deactivated, and in the case of a negative (unsuccessful) authentication attempt, causes it to remain activated. In the latter case, the electronic disabling facility ensures that after the ignition key is withdrawn, at least one piece of equipment which is in the vehicle and is required for access to the vehicle or for the operation of the vehicle (for example, a locking control, an engine control device, etc.) remains disabled.
One embodiment of the invention provides the inverse images stored at the key unit in an advantageous, simple manner by forming this sequence of values by successively executing the one-way function, after which the sequence is read out backwards during operation of the key. (That is, the last inverse image to be determined becomes the initial one.) At the vehicle end, this arrangement provides the technical advantage in terms of memory that not all the one-way function values associated with the inverse images must be stored. Instead, the initial storage of the one-way function value which is associated with the first inverse image to be transmitted is sufficient to provide the desired authorization information, after which, whenever there is a successful authentication using the same key unit, the stored information is overwritten with the inverse image information transmitted for this authentication, since a previously transmitted inverse image is always in fact the one-way function value of the inverse image transmitted subsequently.
In another embodiment of the invention, memory space is saved at the key unit in that not all the inverse images required over the service life of the key unit are stored, but rather just samples at selected intervals throughout the entire sequence of images, and a current value range between two samples. Whenever a current range has been used up, the one-way function algorithm stored at the key unit can be used to generate and store a new current range starting from the next sample by recursive application of the one-way function.
In still another embodiment of the invention, a so-called capture range is formed at the vehicle end which makes it possible, to a prescribable degree, to resynchronize the vehicle with the key unit in the event that synchronization is lost as a result of one or more transmissions from the key unit not being received at the vehicle end. If the one-way function value of a received inverse image, taken as actual authorization information, does not correspond to the instantaneous vehicle-end desired authorization information, the capture range permits the one-way function to be applied recursively for a prescribed maximum number of repetitions. In this process, the one-way function value produced each time from the previous actual authorization information serves as the new actual authorization information. If correspondence is detected within the information newly determined in this way, this is evaluated as a positive authentication attempt. The disabling facility is then deactivated, and the transmitted inverse image information is stored as the new desired authorization information for the next authorization attempt with this key. If the capture range is selected to be as large as the cardinality of the complete inverse image sequence possible in the key unit, this additionally permits an authorizing replacement key to be incorporated into the system in an advantageously simple way, while the replaced key simultaneously and automatically becomes invalid. For this purpose, according to yet another embodiment of the invention, the replacement key may preferably be initialized by means of a single secret starting value stored in a central key processing facility, from which the one-way function values for the initialization of the first key and of all further keys that successively replace the previous key as required are formed.
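The three embodiments above (the reversed one-way sequence read out by the key, the overwrite-on-success storage at the vehicle, the sampled storage of the sequence at the key, and the capture range for resynchronization) are worked through in the following added Python example, which is not part of the patent. SHA-256 is assumed as the one-way function, and the seed, sample interval and capture range are constructed values.

```python
import hashlib

def h(x: bytes) -> bytes:
    # The one-way function; SHA-256 stands in for it here (an assumption).
    return hashlib.sha256(x).digest()

def h_iter(x: bytes, times: int) -> bytes:
    # h_iter(x, k) = h^k(x): the recursive application used at both ends.
    for _ in range(times):
        x = h(x)
    return x

class KeyUnit:
    """Key end: N = chunks*interval inverse images x_j = h^(N-j)(seed), sent as
    x_1, x_2, ... (the last value computed is transmitted first).  Only the samples
    x_interval, ..., x_N = seed are stored; a range is regenerated on demand."""
    def __init__(self, seed: bytes, chunks: int, interval: int):
        self.interval = interval
        n = chunks * interval
        self.samples = [h_iter(seed, n - c * interval) for c in range(1, chunks + 1)]
        self.current: list[bytes] = []

    def next_inverse_image(self) -> bytes:
        if not self.current:                    # range used up: rebuild from next sample
            rng = [self.samples.pop(0)]
            for _ in range(self.interval - 1):  # x_(j-1) = h(x_j), walking backwards
                rng.append(h(rng[-1]))
            self.current = rng[::-1]            # transmit order, lowest index first
        return self.current.pop(0)

class VehicleUnit:
    """Vehicle end: stores only the non-secret value h(next expected image)."""
    def __init__(self, anchor: bytes, capture_range: int):
        self.desired = anchor               # initially h(x_1) = h^N(seed)
        self.capture_range = capture_range  # missed transmissions tolerated
        self.disabled = True

    def authenticate(self, inverse_image: bytes) -> bool:
        actual = h(inverse_image)
        for _ in range(self.capture_range + 1):
            if actual == self.desired:
                self.desired = inverse_image  # h(following image) == this image
                self.disabled = False
                return True
            actual = h(actual)                # step over one missed transmission
        self.disabled = True                  # negative attempt: stays disabled
        return False

def vehicle_anchor(seed: bytes, chunks: int, interval: int) -> bytes:
    return h_iter(seed, chunks * interval)  # h(x_1), computed once at key issue
```

A replayed inverse image fails because the stored value only ever moves backwards along the chain, and more missed transmissions than the capture range leave the vehicle disabled.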
Yet another embodiment of the invention uses one of the hash functions known from cryptography, specifically a RIPEMD algorithm, which, according to the current state of cryptography, can be assumed to have the required one-way function property.
In a further embodiment of the invention, a plurality of pieces of equipment at the vehicle end are involved in parallel in the authentication, for which purpose they are advantageously connected via a common data bus. This decentralized distribution of authentication, which can extend over all the vehicle-relevant pieces of equipment, makes mechanical bypassing of the disabling facility (by replacing equipment) substantially more difficult, since all of the pieces of equipment affected by the authentication and the disabling facility would then have to be replaced in order to make it possible for the vehicle to be used by an unauthorized person who does not have the means of achieving successful authentication. The pieces of equipment involved, in particular control devices for the electronic system of the vehicle, can be selected such that replacing them would require an unreasonably high outlay in relation to the benefit gained, and would therefore be unattractive.
In another embodiment of the invention, locking control of the vehicle is included in the authentication so that not only can the vehicle not be started without authorized authentication, it cannot even be opened without violence. If further pieces of equipment are involved, they may be connected to one another, for example, by means of a data bus, and to the locking control. A single vehicle-end receiver for the data transmitted at the key unit is then sufficient, it being possible for the receiver to be assigned, for example, to the locking control.
Still another embodiment of the invention has the advantage that, in the initial identification testing of the vehicle and the key, it is determined whether legitimized hardware units are connected to one another before the actual authentication process is carried out. In this manner, unnecessary activation of authentication operations which cannot succeed because of an incorrect key/vehicle combination is avoided.
A final embodiment of the invention permits the use of multiple keys for the vehicle in a manner which is advantageous for circuit technology, and still maintains the one-way function coding algorithm.
Other objects, advantages and novel features of the present invention will become apparent from the following detailed description of the invention when considered in conjunction with the accompanying drawings.